diag: dump system admins

.gitea/workflows/diag.yml

@@ -3,48 +3,19 @@ on:
   push:
     branches: [diag/admin-otp]
 jobs:
-  otp:
-    name: "Diag · admin send-otp 404"
+  admins:
+    name: "Diag · system admins"
     runs-on: self-hosted
-    timeout-minutes: 6
+    timeout-minutes: 4
     env:
       PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
     steps:
-      - name: CDN vs origin for POST
+      - name: Dump SystemAdmins
         run: |
           set -eu
-          probe() { # $1=label $2=method $3=url
-            echo "--- $1: $2 $3 ---"
-            curl -sk -o /tmp/body -D /tmp/hdr -X "$2" "$3" \
-              -H 'content-type: application/json' -H 'origin: https://admin.meezi.ir' \
-              --data '{"phoneNumber":"09120000000"}' --max-time 15 \
-              -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed"
-            grep -iE '^(server|wcdn-status|wcdn-nfc-reason|content-type):' /tmp/hdr | sed 's/^/  hdr: /' || true
-            echo "  body(head): $(head -c 160 /tmp/body | tr -d '\n')"
-            echo ""
-          }
-          echo "### Through public DNS (same path as the browser / WCDN edge) ###"
-          probe "ADMIN-API send-otp" POST  "https://admin-api.meezi.ir/api/admin/auth/send-otp"
-          probe "ADMIN-API send-otp GET" GET "https://admin-api.meezi.ir/api/admin/auth/send-otp"
-          probe "MAIN-API send-otp"  POST  "https://api.meezi.ir/api/auth/send-otp"
-
-          echo "### Bypass WCDN — hit the origin Caddy directly on the host ###"
-          # find the caddy/proxy container and its host-published 443, else use container IP
-          docker ps --format '{{.Names}}  {{.Image}}  {{.Ports}}' | grep -iE 'caddy|proxy|nginx|traefik' || true
-          CADDY=$(docker ps --format '{{.Names}}' | grep -iE 'caddy|proxy' | head -1 || true)
-          echo "caddy=$CADDY"
-          if [ -n "$CADDY" ]; then
-            IP=$(docker inspect "$CADDY" --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' | awk '{print $1}')
-            echo "caddy ip=$IP"
-            echo "--- ORIGIN admin-api POST (via --resolve to caddy) ---"
-            curl -sk -o /tmp/b2 -D /tmp/h2 -X POST "https://admin-api.meezi.ir/api/admin/auth/send-otp" \
-              --resolve "admin-api.meezi.ir:443:$IP" -H 'content-type: application/json' \
-              --data '{"phoneNumber":"09120000000"}' --max-time 15 \
-              -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed"
-            grep -iE '^(server|content-type):' /tmp/h2 | sed 's/^/  hdr: /' || true
-            echo "  body(head): $(head -c 200 /tmp/b2 | tr -d '\n')"
-          fi
-          echo ""
-          echo "### admin-api container + did the POST reach the app? ###"
-          docker inspect meezi-admin-api --format 'state={{.State.Status}} restarts={{.RestartCount}} started={{.State.StartedAt}}' || true
-          docker logs meezi-admin-api --since 8m 2>&1 | grep -iE 'send-otp|auth' | tail -15 || echo "(no send-otp lines in admin-api logs → request never reached it)"
+          U=$(docker exec meezi-db env | grep '^POSTGRES_USER=' | cut -d= -f2)
+          D=$(docker exec meezi-db env | grep '^POSTGRES_DB=' | cut -d= -f2)
+          echo "=== SystemAdmins (phone / username / active / deleted / has-password) ==="
+          docker exec meezi-db psql -U "$U" -d "$D" -c "SELECT \"Id\", \"Phone\", \"Username\", \"IsActive\", \"DeletedAt\", (\"PasswordHash\" IS NOT NULL) AS has_pw, \"CreatedAt\" FROM \"SystemAdmins\" ORDER BY \"CreatedAt\";" || true
+          echo "=== count ==="
+          docker exec meezi-db psql -U "$U" -d "$D" -t -c "SELECT count(*) FROM \"SystemAdmins\";" || true